Bush establishes cybersecurity board

President Bush has released his long-awaited presidential order creating a high-level board for ensuring protection of the nation's critical information systems.

Executive Order 13231, published last week in the Federal Register, launches a huge administrative apparatus. While it gives somewhat more authority and staff to Richard A. Clarke, Bush's cyberspace security adviser, Office of Management and Budget director Mitchell E. Daniels Jr. gets overall responsibility for governmentwide security policy and implementation.

Clarke will chair the newly created President's Critical Infrastructure Protection Board, which, under the order, has responsibility to 'coordinate and have cognizance of federal efforts and programs that relate to protection of information systems.'

'The information technology revolution has changed the way business is transacted, government operates and national defense is conducted,' the order said, and all those functions rely on an interdependent network of information infrastructures. 'Cost-effective security shall be built into and made an integral part of government information systems,' it said.

Clarke's staff will work at the White House and be drawn from executive branch personnel detailed to the board. Funding will come from the Office of Homeland Security and from agencies represented on the board.

But Bush's order reserves for Defense Secretary Donald Rumsfeld and CIA director George Tenet the responsibility for their own infrastructure protection policies and standards.

Board members, besides Daniels, will include Attorney General John Ashcroft and top-ranking officials of cabinet departments and independent agencies. All security-related government organizations will have representation on the board's committees.

The order does not abolish existing groups such as the Critical Infrastructure Assurance Office, the Federal Computer Incident Response Center or the National Infrastructure Protection Center, but the board will assume general leadership of all of them.

Many subcommittees

The board, the order says, will have at least 10 standing subcommittees, including one to reach out to state and local government, and one focusing on federal IT systems. Another subcommittee will be concerned with national security systems.

Bush also ordered creation of a National Infrastructure Advisory Council to advise him on security issues for information systems in various industries. It will consist of 30 chief executive officers of companies, academics, and state and local government officials. The order placed special emphasis on banking, finance, transportation, energy, communications and emergency government services.